[webkit-reviews] review requested: [Bug 24533] Add a test to ensure that obfuscated javascript: URLs don't allow XSS : [Attachment 28558] Add cases to javascriptURL-execution-context-frame-location-htmldom.html instead

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 12 14:47:17 PDT 2009


Pam Greene <pam at chromium.org> has asked for review:
Bug 24533: Add a test to ensure that obfuscated javascript: URLs don't allow
XSS
https://bugs.webkit.org/show_bug.cgi?id=24533

Attachment 28558: Add cases to
javascriptURL-execution-context-frame-location-htmldom.html instead
https://bugs.webkit.org/attachment.cgi?id=28558&action=review

------- Additional Comments from Pam Greene <pam at chromium.org>
> A typo, it's appendTestEpilogue. But I do not think that this is the right
> approach - the whole point of checking successfullyParsed is that it is
> performed from a separate script, so a failure to execute the test script
> doesn't affect it.

Good point. I was trying for some consistency when appending these pieces
manually, but if nothing else, the js-test-post.js file should duplicate the
epilogue rather than calling the other file. And perhaps not even that. In any
case, it no longer matters here.

> It's confusing that the ChangeLog talks about XSS, but the frame being scripted
> is not from a different domain (especially after the first programmatic
> navigation). So, I'm not sure what the potential bug is - is it about bypassing
> packet filters, or bypassing engine security checks?

The history I have available for this one is unfortunately very sparse, but it
looks like it was added in response to the same problems that led to
http/tests/security/javascriptURL/javascriptURL-execution-context-frame-location-htmldom.html
and its associated fixes. As you note, the tests are strikingly
similar in a few ways.

So, I've simply added a few more test cases to that one.

